Classifying internet one-way traffic

Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Volumn , Issue , 2012, Pages 37-50

  Glatz, Eduard ^a   Dimitropoulos, Xenofontas ^a  

^a ETH ZURICH   (Switzerland)

Author keywords

measurement methods; traffic analysis (anomaly detection,classification)

Indexed keywords

ANOMALY DETECTION; BACK-BONE NETWORK; CLASSIFICATION SCHEME; CONCEPTUAL MODEL; DATA SETS; INTERNET BACKGROUND RADIATION; INTERNET TRAFFIC; IP ADDRESSS; LIVE NETWORKS; MEASUREMENT METHODS; MISCONFIGURATIONS; MONITORING NETWORK; NETWORK TELESCOPES; ON FLOW; PEER-TO-PEER APPLICATION; PETABYTES; SERVICE OUTAGE;

INTERNET;

PEER TO PEER NETWORKS;

EID: 84870898677     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2398776.2398781     Document Type: Conference Paper

References (41)

1. One-way Traffic Classification Website. http://www.ow-class.ethz.ch/.
2. Akamai Technologies. The state of the internet report (3rd quarter, 2009). Technical report, 2009.
3. M. Allman, V. Paxson, and J. Terrell. A brief history of scanning. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, page 82. ACM, 2007.
4. M. Bailey, E. Cooke, F. Jahanian, D. Watson, and J. Nazario. The blaster worm: Then and now. IEEE Security and Privacy, 3:26-31, July 2005.
5. D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian. Anomaly extraction in backbone networks using association rules. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, IMC '09, pages 28-34, New York, NY, USA, 2009. ACM.
6. N. Brownlee. One-way traffic monitoring with iatmon. In Passive and Active Measurement Conference, 2012.
7. CAIDA. UCSD Network Telescope. http://www.caida.org/data/realtime/ telescope/.
8. Y.-J. Chi, R. Oliveira, and L. Zhang. Cyclops: the as-level connectivity observatory. SIGCOMM Comput. Commun. Rev., 38(5), Sept. 2008.
9. T. Cymru. The Bogon Reference. http://www.team-cymru.org/Services/Bogons/ , 2012.
10. A. Dainotti, R. Amman, E. Aben, and K. C. Claffy. Extracting benefit from harm: using malware pollution to analyze the impact of political and geophysical events on the internet. SIGCOMM Comput. Commun. Rev., 42(1):31-39, 2012.
11. Cooperative Network Security Community - Internet Security. www.dshield.org.
12. E. Glatz and X. Dimitropoulos. Classifying internet one-way traffic. TIK-Report 336, ETH Zurich, May 2012.
13. S. Guha, J. Chandrashekar, N. Taft, and K. Papagiannaki. How healthy are today's enterprise networks? In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, pages 145-150. ACM, 2008.
14. X. Hu and Z. M. Mao. Accurate real-time identification of ip prefix hijacking. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP '07, 2007.
15. IANA - Internet Assigned Numbers Authority. PORT NUMBERS. http://www.iana.org/assignments/port-numbers, 2011.
16. C. Inacio and B. Trammell. Yaf: yet another flowmeter. In Proceedings of the 24th international conference on Large installation system administration, pages 1-16. USENIX Association, 2010.
17. Y. Jin, Z. Zhang, K. Xu, F. Cao, and S. Sahu. Identifying and tracking suspicious activities through IP gray space analysis. In Proceedings of the 3rd annual ACM workshop on Mining network data, page 12. ACM, 2007.
18. W. John and S. Tafvelin. Heuristics to classify internet backbone traffic based on connection patterns. International Conference on Information Networking (ICOIN), pages 1-5, 2008.
19. J. Jung, V. Paxson, A. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In Proceedings of the IEEE Symposium on Security and Privacy, pages 211-225, 2004.
20. T. Karagiannis, A. Broido, and M. Faloutsos. Transport layer identification of p2p traffic. Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pages 121-134, 2004.
21. T. Karagiannis, K. Papagiannaki, and M. Faloutsos. Blinc: multilevel traffic classification in the dark. In Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, SIGCOMM '05, 2005.
22. E. Katz-Bassett, H. V. Madhyastha, J. P. John, A. Krishnamurthy, D. Wetherall, and T. Anderson. Studying black holes in the internet with hubble. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI'08, 2008.
23. E. Katz-Bassett, C. Scott, D. R. Choffnes, I. Cunha, V. Valancius, N. Feamster, H. V. Madhyastha, T. Anderson, and A. Krishnamurthy. Lifeguard: practical repair of persistent route failures. In Proceedings of the ACM SIGCOMM 2012, 2012.
24. H. Kim, K. Claffy, M. Fomenkov, D. Barman, M. Faloutsos, and K. Lee. Internet traffic classification demystified: myths, caveats, and the best practices. In Proceedings of the 2008 ACM CoNEXT conference, page 11. ACM, 2008.
25. M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang. PHAS: A prefix hijack alert system. In In Proc. USENIX Security Symposium, 2006.
26. D. Lee and N. Brownlee. Passive measurement of one-way and two-way flow lifetimes. SIGCOMM Comput. Commun. Rev., 37(3):17-28, 2007.
27. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. IEEE Security and Privacy, 1:33-39, July 2003.
28. D. Moore, C. Shannon, G. Voelker, and S. Savage. Network telescopes: Technical report. Technical report, CAIDA, 2004.
29. D. Moore, G. M. Voelker, and S. Savage. Inferring internet denial-of-service activity. In SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium, Berkeley, USA, 2001.
30. R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of Internet background radiation. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pages 27-40. ACM New York, NY, USA, 2004.
31. M. Perényi, T. D. Dang, A. Gefferth, and S. Molnr. Identification and analysis of peer-to-peer traffic. JOURNAL OF COMMUNICATIONS, 1(7), 2006.
32. D. Schatzmann, S. Leinen, J. Kogel, and W. Muhlbauer. Fact: Flow-based approach for connectivity tracking. In Passive and Active Measurement conference, Mar. 2011.
33. X. Shi, Y. Xiang, Z. Wang, X. Yin, and J. Wu. Detecting prefix hijackings in the internet with argus. In Proceedings of the 12th ACM SIGCOMM conference on Internet measurement. ACM, 2012.
34. B. Trammell and E. Boschi. Bidirectional flow export using IPFIX. RFC 5103, January 2008.
35. J. Treurniet. A network activity classification schema and its application to scan detection. IEEE/ACM Trans. Netw., 19(5):1396-1404, Oct. 2011.
36. US Homeland Security. BGPmon. http://bgpmon.net/.
37. Wikipedia. Netflow. http://en.wikipedia.org/wiki/Netflow.
38. E. Wustrow, M. Karir, M. Bailey, F. Jahanian, and G. Huston. Internet background radiation revisited. In Proceedings of the 10th annual conference on Internet measurement, IMC '10, pages 62-74, New York, NY, USA, 2010. ACM.
39. V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: global characteristics and prevalence. SIGMETRICS Perform. Eval. Rev., 31(1):138-147, 2003.
40. Z. Zhang, Y. Zhang, Y. C. Hu, Z. M. Mao, and R. Bush. ispy: detecting ip prefix hijacking on my own. IEEE/ACM Trans. Netw., 18(6), Dec. 2010.
41. C. Zheng, L. Ji, D. Pei, J. Wang, and P. Francis. A light-weight distributed scheme for detecting ip prefix hijacks in real-time. In Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, SIGCOMM '07, 2007.